<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html lang="en">
<head>
  <meta name="copyright" content=
  "Copyright (c) Red Hat Inc. and others 2022. This page is made available under license. For full details see the LEGAL in the documentation book that contains this page.">
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  <meta http-equiv="Content-Style-Type" content="text/css">
  <link rel="STYLESHEET" href="../book.css" charset="ISO-8859-1" type="text/css">
  <script language="JavaScript" src="PLUGINS_ROOT/org.eclipse.help/livehelp.js" type="text/javascript"></script>
  <title>Trust</title>
</head>
<body bgcolor="#FFFFFF">

<h1 class="Head">Trusting p2 content installation</h1>
<p class="Intro">
Installing content is by nature a security risk as it can reconfigure the installation and can do so for potentially malicious purposes.
This is the case even when installing content that has no associated associated artifact.
To mitigate this risk, p2 tracks the originating external sources of all content being installed and presents that information for review.
</p>

<h2>Trust Authorities Dialog</h2>
<p>
External content is typically installed via an <code>https</code> connection that ensures that the content is security transported from the content authority to the receiver.
This <strong>does not guarantee</strong> that the content is trustworthy.
The user is encouraged to consider carefully whether the site and associated authority from which content is being downloaded is actually trustworthy.
<p>

<p>
In the case of content being installed from an unverified site or authority, 
the <em>Trust Authorities</em> dialog shows the units being installed along with the associated sites and authorities from which those units originate for the user's review and approval.
The details of the so-called touch-points of each such unit present any configuration instructions that will be applied during installation.
The user may choose which authorities are trusted, and may even choose to install content from all authorities in the future.
If all the units originate from trusted authorities, installation will continue; otherwise it's aborted.
</p>

<h2>Trust Preference Page</h2>
<p>
The
<a class="command-link" href='javascript:executeCommand("org.eclipse.ui.window.preferences(preferencePageId=org.eclipse.equinox.internal.p2.ui.sdk.TrustPreferencePage)")'>
  <img src="PLUGINS_ROOT/org.eclipse.help/command_link.svg" alt="command link">
  <strong>Install/Update &gt; Trust</strong>
</a>
preference page's <strong>Authorities</strong> tab lists all the authorities considered as trusted and allows to add or remove authorities,
or even to allow all content from all authorities to be installed without confirmation.
</p>

<h3 class="related">Related tasks</h3>
<a href="../tasks/tasks-120.htm">Updating the installation</a><br>
<a href="../tasks/tasks-124.htm">Installing new software</a><br>
<a href="ref-p2-trust.htm">Trusting p2 artifact installation</a>

<h3 class="related">Related reference</h3>
<a href="ref-61.htm">Help Menu</a>

</body>
</html>
